1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
# == Class: panko::policy
#
# Configure the panko policies
#
# === Parameters
#
# [*enforce_scope*]
# (Optional) Whether or not to enforce scope when evaluating policies.
# Defaults to $::os_service_default.
#
# [*enforce_new_defaults*]
# (Optional) Whether or not to use old deprecated defaults when evaluating
# policies.
# Defaults to $::os_service_default.
#
# [*policies*]
# (Optional) Set of policies to configure for panko
# Example :
# {
# 'panko-context_is_admin' => {
# 'key' => 'context_is_admin',
# 'value' => 'true'
# },
# 'panko-default' => {
# 'key' => 'default',
# 'value' => 'rule:admin_or_owner'
# }
# }
# Defaults to empty hash.
#
# [*policy_path*]
# (Optional) Path to the panko policy.yaml file
# Defaults to /etc/panko/policy.yaml
#
class panko::policy (
$enforce_scope = $::os_service_default,
$enforce_new_defaults = $::os_service_default,
$policies = {},
$policy_path = '/etc/panko/policy.yaml',
) {
include panko::deps
include panko::params
validate_legacy(Hash, 'validate_hash', $policies)
Openstacklib::Policy::Base {
file_path => $policy_path,
file_user => 'root',
file_group => $::panko::params::group,
file_format => 'yaml',
}
create_resources('openstacklib::policy::base', $policies)
oslo::policy { 'panko_config':
enforce_scope => $enforce_scope,
enforce_new_defaults => $enforce_new_defaults,
policy_file => $policy_path
}
}
|
